Microsoft's Ideas for Making PCs Safer

In his keynote at the RSA conference Tuesday, Microsoft's Scott Charney, corporate vice president of their Trustworthy Computing Group, raised several ideas for improving the general security of users on the Internet. One was to bring outside administration to consumer PCs.


Enterprise PCs have lots of security problems, but they are much better protected than consumer PCs in part because such companies have IT departments that can administer PCs and exercise authority over them, for instance forbidding users to run certain software and pushing security patches to their PCs. Perhaps it would be better to say that they *can* be better administered.

But there is no administrator, usually, for the home PC. The only entity in a position to be one is the Internet Service Provider.

Charney wasn't all that specific; he just wants to get a discussion going. In fact, I've had this discussion in the past myself with others. It's not a new idea and I think that if it could be made to work someone would at least be trying it now. (Here's my column on the idea in eWEEK in 2006.)

Charney had the same idea I did: use something like NAC (Network Access Control), a technology Microsoft calls NAP (Network Access Protection). The idea is that PCs can't connect to the network unless they demonstrate to an authority on the network that they meet certain criteria: for instance, that they have applied a certain level of operating system updates, or that they have antivirus protection and that it's updated. If they don't meet these criteria, they are shifted off to a separate network, sometimes called a "walled garden," in which they can do little more than mitigate the problems that kept them off the network.

NAC has been around quite a while now and it's out there, but it's not widespread. Implementing it on an ISP would be quite a challenge, and I'm not sure any vendors are really ready to do it. Besides, telling people they have to run certain software on their computers will be unacceptable to many. Charney's idea is somewhat different. He proposes that demonstrably infected computers, those creating a threat to others, be walled off.
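As an added illustration (not from the column, from Microsoft's NAP, or from any NAC product), the sketch below contrasts the posture-based admission check described above with Charney's variant of walling off only demonstrably infected machines. The thresholds, field names and the use of abuse reports as evidence of infection are assumptions, and the hosts are constructed sample data.

```python
from dataclasses import dataclass

# Hypothetical policy thresholds (assumptions, not taken from NAP or any product).
MIN_PATCH_LEVEL = 42             # constructed OS update level
MAX_AV_SIGNATURE_AGE_DAYS = 7

@dataclass
class Host:
    name: str
    patch_level: int
    av_installed: bool
    av_signature_age_days: int
    abuse_reports: int = 0       # assumed evidence of infection seen by the ISP

def posture_failures(host):
    """NAC-style health check: list the criteria the host fails to meet."""
    failures = []
    if host.patch_level < MIN_PATCH_LEVEL:
        failures.append("os-updates")
    if not host.av_installed:
        failures.append("antivirus-missing")
    elif host.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        failures.append("antivirus-stale")
    return failures

def nac_decision(host):
    """Posture-based admission: any failed criterion means the walled garden."""
    failures = posture_failures(host)
    return ("walled-garden", failures) if failures else ("full-access", [])

def infection_only_decision(host, threshold=1):
    """Charney-style variant: quarantine only on evidence of harm to others."""
    if host.abuse_reports >= threshold:
        return ("walled-garden", ["observed-malicious-traffic"])
    return ("full-access", [])

def compare(hosts):
    """Map host name -> (posture-based verdict, infection-only verdict)."""
    return {h.name: (nac_decision(h)[0], infection_only_decision(h)[0]) for h in hosts}

# Constructed sample hosts.
HOSTS = [
    Host("patched-clean", 45, True, 1),
    Host("unpatched-clean", 30, True, 2),
    Host("patched-infected", 45, True, 1, abuse_reports=3),
    Host("no-av-infected", 30, False, 0, abuse_reports=5),
]

if __name__ == "__main__":
    for name, verdicts in compare(HOSTS).items():
        print(f"{name:18} posture={verdicts[0]:14} infection-only={verdicts[1]}")
```

The two policies disagree on the middle two hosts: the posture check admits a fully patched machine that is already infected, while the infection-only rule leaves an unpatched but harmless machine alone.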

But the bigger problem is that nobody has the incentive to do this. ISPs would be overwhelmed with customers requiring hours of support, and who would pay for it? Plus, you'd need for every ISP to do it, or the ones that did would lose customers to those who don't. Yes, some of you might think "good riddance," but it's clear that ISPs don't want to lose that $30/month, even from the customer who dumps all over their neighbors on the Internet.

We're talking public policy here, so Charney makes the next obvious leap in the argument: Perhaps tax revenues should be used for this purpose. General funds? Some sort of special tax on Internet use? That seems a smaller question than the sheer radicalism of having the government take over security policing of the Internet through a series of local semi-monopolies. Maybe this is the "right" way to do it from a public policy standpoint, or maybe we're just better off the way things are.

Larry Seltzer has been writing software for and English about computers ever since, much to his own amazement, he graduated from the University of Pennsylvania in 1983.
He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.